Overview

Quick notes on setting up a Docker private registry with TLS (secure). Shout out to bobcares.com: I’m basically cannibalizing their notes with my own edits, because they’ve already written out some great notes and I’m just tailoring them to my own situation.

Generate SSL via container

create working directories:

mkdir -p /opt/registry/{auth,data,ssl,config}

(optional) if you have SELinux running, you need to change the SELinux context on your registry directory

chcon -Rt svirt_sandbox_file_t <registry_dir>

replace the ‘SSL_SUBJECT’ with your own and run this command to generate your SSL files

usually means the host calling the registry does NOT recognize the CA of the registry.

the ca.pem from the step above (“Generate SSL via container”) needs to be on EVERY HOST that needs to talk to the registry
e.g. if your registry is called ‘dockeregistry’ you’d need to find ca.crt in /etc/docker/certs.d/dockeregistry:5000 (includes ‘:5000’)

note: the directory in ‘/etc/docker/certs.d/’ must match the name of the registry you’re logging into. If the registry is “docker.registry.org:6000”, the directory must be EXACTLY ‘/etc/docker/certs.d/docker.registry.org:6000’
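
The placement rule above as a shell sketch, added here and not part of the original notes or of Docker itself. The function names and the DOCKER_CERTS_ROOT override (used so the check can run against a scratch directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example. DOCKER_CERTS_ROOT is a hypothetical override for testing;
# on a real host the Docker daemon reads /etc/docker/certs.d.
DOCKER_CERTS_ROOT="${DOCKER_CERTS_ROOT:-/etc/docker/certs.d}"

# install_registry_ca <ca.pem> <registry host:port>
# Copies the registry CA to <root>/<host:port>/ca.crt on the calling host.
install_registry_ca() {
    ca_file=$1
    registry=$2
    if [ ! -s "$ca_file" ]; then
        echo "missing or empty CA file: $ca_file" >&2
        return 1
    fi
    dest="$DOCKER_CERTS_ROOT/$registry"
    mkdir -p "$dest" && cp "$ca_file" "$dest/ca.crt" && chmod 0644 "$dest/ca.crt"
}

# check_registry_ca <registry host:port>
# Prints "ok" when ca.crt sits in a directory named exactly like the registry,
# "name-mismatch" when only a host-named directory (no ':port') exists,
# and "missing" otherwise. Returns non-zero unless the result is "ok".
check_registry_ca() {
    registry=$1
    if [ -s "$DOCKER_CERTS_ROOT/$registry/ca.crt" ]; then
        echo ok
        return 0
    fi
    host=${registry%%:*}
    if [ "$host" != "$registry" ] && [ -d "$DOCKER_CERTS_ROOT/$host" ]; then
        echo name-mismatch
        return 1
    fi
    echo missing
    return 1
}
```

Source the file on each client host, then call install_registry_ca with the ca.pem and the registry name exactly as you type it in docker login, port included.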